Abstract
While a rigorous information flow analysis is a key step in obtaining meaningful end-to-end confidentiality guarantees, one must also permit possibilities for declassification. In their overview [16], Sabelfeld and Sands categorized the existing approaches to controlling declassification along four dimensions and according to four prudent principles.
In this article, we propose three novel security conditions for controlling the dimensions where and what, and we explain why these conditions constitute improvements over prior approaches. Moreover, we present a type-based security analysis and, as another novelty, prove a soundness result that considers more than one dimension of declassification.
References
[1] Almeida Matos, A.: Typing Secure Information Flow: Declassification and Mobility. PhD thesis, École Nationale Supérieure des Mines de Paris (2006)
[2] Almeida Matos, A., Boudol, G.: On Declassification and the Non-Disclosure Policy. In: Proc. IEEE Computer Security Foundations Workshop (2005)
[3] Cohen, E.: Information Transmission in Sequential Programs. In: Foundations of Secure Computation, pp. 297–335. Academic Press, London (1978)
[4] Dam, M., Giambiagi, P.: Information Flow Control for Cryptographic Applets. Presentation at Dagstuhl Seminar on Language-Based Security (2003), http://kathrin.dagstuhl.de/03411/Materials2/
[5] Giacobazzi, R., Mastroeni, I.: Abstract Non-Interference: Parameterizing Non-Interference by Abstract Interpretation. In: Proc. of the 31st Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 186–197 (2004)
[6] Goguen, J.A., Meseguer, J.: Security Policies and Security Models. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, USA, pp. 11–20 (1982)
[7] Li, P., Zdancewic, S.: Downgrading Policies and Relaxed Noninterference. In: Proc. of the 32nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, New York, NY, USA, pp. 158–170 (2005)
[8] Lowe, G.: Quantifying Information Flow. In: Proc. of the 15th IEEE Computer Security Foundations Workshop, Washington, DC, USA (2002)
[9] Mantel, H., Sands, D.: Controlled Declassification Based on Intransitive Noninterference. In: Chin, W.-N. (ed.) APLAS 2004. LNCS, vol. 3302, pp. 129–145. Springer, Heidelberg (2004)
[10] Di Pierro, A., Hankin, C., Wiklicky, H.: Approximate Non-Interference. Journal of Computer Security 12(1), 37–81 (2004)
[11] Sabelfeld, A.: Confidentiality for Multithreaded Programs via Bisimulation. In: Broy, M., Zamulin, A.V. (eds.) PSI 2003. LNCS, vol. 2890, pp. 260–274. Springer, Heidelberg (2004)
[12] Sabelfeld, A., Myers, A.C.: Language-Based Information-Flow Security. IEEE Journal on Selected Areas in Communications 21(1), 5–19 (2003)
[13] Sabelfeld, A., Myers, A.C.: A Model for Delimited Information Release. In: Proceedings of the International Symposium on Software Security (2004)
[14] Sabelfeld, A., Sands, D.: A Per Model of Secure Information Flow in Sequential Programs. In: Swierstra, S.D. (ed.) ESOP 1999 and ETAPS 1999. LNCS, vol. 1576, pp. 50–59. Springer, Heidelberg (1999)
[15] Sabelfeld, A., Sands, D.: Probabilistic Noninterference for Multi-threaded Programs. In: Proceedings of the 13th IEEE Computer Security Foundations Workshop, Cambridge, UK, pp. 200–215 (2000)
[16] Sabelfeld, A., Sands, D.: Dimensions and Principles of Declassification. In: Proceedings of the 18th IEEE Computer Security Foundations Workshop, pp. 255–269. IEEE Computer Society Press, Los Alamitos (2005)
[17] Zdancewic, S., Myers, A.: Robust Declassification. In: Proceedings of the 14th IEEE Computer Security Foundations Workshop (CSFW ’01), Washington - Brussels - Tokyo, pp. 15–26 (2001)
© 2007 Springer Berlin Heidelberg
About this paper
Cite this paper
Mantel, H., Reinhard, A. (2007). Controlling the What and Where of Declassification in Language-Based Security. In: De Nicola, R. (eds) Programming Languages and Systems. ESOP 2007. Lecture Notes in Computer Science, vol 4421. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71316-6_11
DOI: https://doi.org/10.1007/978-3-540-71316-6_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-71314-2
Online ISBN: 978-3-540-71316-6